LiveActive security incident?Get immediate response
CVE archive

September 2007

Browse CVE records published in September 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 442 matching CVEs · Page 4 of 9.

Unknown · CVSS Not scored

CVE-2007-4963: Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination...

Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4948: Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attacke...

Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess support. NOTE: the includes/core.lib.php vector is already covered by CVE-2006-5252.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4983: Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7...

Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.

Published Sep 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-5030: Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon cra...

Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.

Published Sep 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4982: Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll...

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Published Sep 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4958: Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers...

Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4965: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attack...

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4961: The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and...

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4956: Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL comman...

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4943: Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allo...

Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4969: Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT...

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.

Published Sep 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4970: ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT)...

ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey.

Published Sep 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4945: Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitra...

Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4933: Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2....

Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4930: Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers t...

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4949: Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execu...

Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4940: Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mym...

Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values.

Published Sep 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4935: Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitra...

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) my_team.php, (9) profile.php, (10) signup.php, (11) statistics.php, (12) transactions.php, (13) program_files/admin/custom_pages.php, or (14) program_files/common.php. NOTE: the program_files/livedraft/admin.php and program_files/livedraft/livedraft.php vectors are covered by CVE-2007-4934.

Published Sep 18, 2007 · Updated Aug 7, 2024